Spear-phishing campaign compromises executives at 150+ companies

silversurfer
Thread author
A cybercrime group operating since mid-2019 has breached the email accounts of high-ranking executives at more than 150 companies, cyber-security firm Group-IB reported today.

The group, codenamed PerSwaysion, appears to have targeted the financial sector primarily, which accounted for more than half of its victims, although victims have been recorded at companies active across other verticals as well.

PerSwaysion operations were not sophisticated, but have been extremely successful, nonetheless. Group-IB says the hackers didn't use vulnerabilities or malware in their attacks but instead relied on a classic spear-phishing technique.

They sent booby-trapped emails to executives at targeted companies in the hope of tricking high-ranking executives into entering Office 365 credentials on fake login pages.

Group-IB said PerSwaysion's entire scheme could be narrowed down to a simple three-step process:
  1. Victims receive an email containing a clean PDF file as an email attachment. If victims open the file, they'd be asked to click a link to view the actual content.
  2. The link would redirect users to a Microsoft Sway (newsletter service) page, where a similar file would ask the victim to click on another link.
  3. This last link would redirect the executive to a page mimicking the Microsoft Outlook login page, where hackers would collect the victim's credentials.
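The three-step chain above (PDF link, Sway page, lookalike Outlook sign-in) leaves a trail in web proxy logs. The script below is an added example, not code from the article or from Group-IB: it rebuilds each user's click chain from Referer headers in a few constructed proxy log lines and flags a chain that passes through Microsoft Sway and ends on a sign-in page that borrows Microsoft branding but is hosted off Microsoft's own domains. The log format, user names and the lookalike domain are invented for the example; the allowlist of genuine Microsoft login hosts is an assumption you would extend with your tenant's federation endpoints.

```python
"""Heuristic detection of a PerSwaysion-style redirect chain in proxy logs.
Added example, not the article's or Group-IB's code; log lines are constructed."""
from urllib.parse import urlparse

# Hosts that serve genuine Microsoft sign-in forms (assumed allowlist).
LEGIT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}
# Hosts under these suffixes are Microsoft-operated, so they are never "lookalikes".
MICROSOFT_SUFFIXES = (".microsoft.com", ".office.com", ".microsoftonline.com", ".live.com")
SWAY_HOSTS = {"sway.office.com", "sway.com"}
# Brand words a lookalike sign-in URL tends to carry (heuristic, not exhaustive).
BRAND_WORDS = ("outlook", "office", "microsoft", "owa")

# Constructed proxy log lines, one request per line: <user> <method> <url> <referer or ->
SAMPLE_LOG = """\
cfo@example.com GET https://sway.office.com/s/abc123 -
cfo@example.com GET https://outlook-secure-docs.example.net/owa/login https://sway.office.com/s/abc123
cfo@example.com POST https://outlook-secure-docs.example.net/owa/login https://outlook-secure-docs.example.net/owa/login
cto@example.com GET https://sway.office.com/s/newsletter -
cto@example.com GET https://login.microsoftonline.com/common/oauth2/authorize https://sway.office.com/s/newsletter
dev@example.com GET https://docs.example.net/readme -
"""


def parse_log(text):
    """Turn the log text into a list of request dicts, in arrival order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        user, method, url, referer = line.split()
        events.append({"user": user, "method": method, "url": url,
                       "referer": None if referer == "-" else referer})
    return events


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def is_microsoft_host(host):
    return host in LEGIT_LOGIN_HOSTS or host.endswith(MICROSOFT_SUFFIXES)


def looks_like_ms_login(url):
    """URL that uses Microsoft branding but is served from a non-Microsoft host."""
    return not is_microsoft_host(host_of(url)) and any(w in url.lower() for w in BRAND_WORDS)


def build_chain(events, i):
    """Rebuild the click chain ending at events[i] by walking Referer headers back
    through earlier requests from the same user. Returns URLs in click order."""
    chain, j, seen = [], i, set()
    while j is not None and j not in seen:
        seen.add(j)
        e = events[j]
        chain.append(e["url"])
        ref, user, prev = e["referer"], e["user"], j
        j = None
        if ref is not None:
            for k in range(prev - 1, -1, -1):      # most recent matching request wins
                if events[k]["user"] == user and events[k]["url"] == ref:
                    j = k
                    break
    ordered = []
    for url in reversed(chain):                    # a form POST refers to its own GET;
        if not ordered or ordered[-1] != url:      # collapse that repeat
            ordered.append(url)
    return ordered


def classify_chain(chain, final_method):
    """Verdict for one click chain, given the HTTP method of its last request."""
    via_sway = any(host_of(u) in SWAY_HOSTS for u in chain)
    lookalike = looks_like_ms_login(chain[-1])
    if via_sway and lookalike:
        # Credentials leave on the POST to the fake form; the GET is only the lure page.
        return "credentials_harvested" if final_method == "POST" else "lure_page_visited"
    if lookalike:
        return "lookalike_login"
    return "benign"


def scan_log(text):
    """Classify every request in the log and return only the non-benign findings."""
    events = parse_log(text)
    findings = []
    for i, e in enumerate(events):
        chain = build_chain(events, i)
        verdict = classify_chain(chain, e["method"])
        if verdict != "benign":
            findings.append({"user": e["user"], "verdict": verdict, "chain": chain})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["user"], f["verdict"], " -> ".join(f["chain"]))
```

Note that the cto's chain also goes through Sway but lands on login.microsoftonline.com, so it stays benign: Sway pages legitimately link to real Microsoft sign-in, and the allowlist is what separates the two. Referer-based reconstruction is fragile (a strict Referrer-Policy or a non-HTTP hop breaks the link back to Sway), so in practice you would corroborate with mail-gateway attachment telemetry and Azure AD sign-in logs for the flagged user.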